Flashpoint: Friday's DDoS Attack Likely Caused By 'Script Kiddies,' Not Foreign Forces

Security company Flashpoint said in a blog post Tuesday that the social and technical indicators of Friday's distributed denial of service attack – which took down more than 1,200 websites – reveal that it was likely caused by amateur hackers, or "script kiddies."

Many speculated that foreign forces like the Russian government, or WikiLeaks, were behind the DDoS attack, which was launched Friday through consumer IoT devices including webcams, routers and video recorders.

"Despite public speculation, Flashpoint assesses with a moderate degree of confidence that the perpetrators behind this attack are most likely not politically motivated, and most likely not nation-state actors," the security company's analyst Allison Nixon said in a blog post.

The attack on Dynamic Network Services (Dyn), which connects users to websites such as Twitter and Netflix, came from tens of millions of addresses on devices infected with malicious software, knocking out access by flooding websites with junk data.

Flashpoint said the infrastructure used in the attack also targeted a "well-known game company" – and while there was no disruption of service, this move aligns more with the hacking forum community.

"These hackers exist in their own tier… and are separate and distinct from hacktivists, organized crime, state-actors, and terrorist groups," said Nixon. "They can be motivated by financial gain, but just as often will execute attacks such as these to show off, or to cause disruption and chaos for sport."

She added that more experienced hackers and foreign groups are less likely to launch DDoS attacks without clear political, financial or strategic gains.

Despite Flashpoint's assessment of a lack of political motivation in the DDoS attacks, solution providers like Casey Newton, CEO of San Francisco-based IoT security company OneID, said that many consumer IoT devices remain vulnerable.

"I think Friday definitely woke up a lot of people to [vulnerabilities of IoT]," he said. "The problem with IoT is that in the rush to deploy and ship devices, no one thought about security. Hopefully manufacturers will start to take it more seriously."

On Monday, manufacturer Hangzhou Xiongmai said it is recalling the web cameras that use its circuit board and other components, which were among the many devices used in the attack.

Meanwhile, other security advocates like Sen. Mark Warner (D-Va.), co-founder of the Senate Cybersecurity Caucus, are appealing to federal agencies to address the lack of security standards requirements for Internet of Things device manufacturers.

"Because the producers of these insecure IoT devices currently are insulated from any standards requirements, market feedback or liability concerns, I am deeply concerned that we are witnessing a 'tragedy of the commons' threat to the continued functioning of the internet, as the security so vital to all Internet users remains the responsibility of none," he wrote Tuesday.